Jul 19 2019 07:54 AM
Jul 19 2019 07:54 AM
I am currently in discussions with my business unit relating to the option to have multiple tenancies within the same organisation.
To set the scene - We are a global organisation with one O365 tenancy. Our tenancy resides in Japan (as that is where global HQ is) under one organisation. Full admin portal access is also controlled by Japan. This means that all other regions have very limited admin privileges for O365 which is a massive pain. Before you ask, no global HQ will not share full admin rights with anyone else.
In Europe, we are exploring the possibility of creating a separate tenancy but under the same organisational domain. The research I have done so far indicates that this cant be done, as well as other factors that would equate to a negative impact on user experience.
I would just like to get some guidance/feedback on this subject from anyone who knows, or has been through similar.
Jul 19 2019 10:49 AM
It's always best to keep all users within the same organization, as otherwise collaboration will greatly suffer. If administration is your major point, you can either wait until Microsoft provides proper RBAC support across all workloads (probably in few years...) or build your own management tools on top of what's currently available or use third-party products that provide management software for O365 (they can usually allow you to define granular controls for the tasks each admin can perform against a given group of user).
Jul 22 2019 06:59 AM
Many thanks for your response Vasil. Yes I definitely wish to keep all users within the same organisation (so that they all share the same domain). However, within the same organisation I want a way to manage European users independently from other regions yet still retain the benefits of cross-collaboration. And I think this is where the problem lies.
As I understand it (and I could be totally wrong), Azure allows you to have multiple tenancies within the same organisation. But I'm not sure how this works for cross-collaboration.
I don't think 'multi-geo' would solve this problem, as this only deals with where the data is at rest.
Re: third-party products for O365 management - Could you provide any examples please?
Many thanks again for your feedback.
Jul 22 2019 08:45 AM
Office 365 != Azure, so you have no parity in the management tools either. Best you can do with the native O365 functionality is to segregate Exchange Online management, as it has proper support for RBAC controls. All the other workloads are quite limited in this regard, most importantly the underlying Azure AD where all identity and auth management happens doesn't have any usable RBAC controls yet (it has the so-called Administrative units, but they are very very limited).
As for third-party tools, there are few players in the space. I try to avoid posting direct links to third-party products where possible, just do a search online and you will find them.
Jul 22 2019 02:02 PM
Jul 25 2019 10:04 AM
@PMGlobal Hello! You've posted your question in the Community Discussion space, which is intended for discussion around the Tech Community website itself, not product questions. While I'm pleased you got a great answer, I'm moving your question to the Office 365 space - please post Office 365 questions here in the future.